1. Field of the Invention
The present invention relates to a method for controlling a secure channel that reduces system load by extending the use period of a security association key (SAK) used to provide a secure service between ports or terminals in a MAC security network that provides a MAC security service based on IEEE 802.1AE.
2. Description of the Related Art
To provide security and authentication for frames transmitted at the network layer, the IP security (IPsec) protocol or an application-level security function such as a password has been used.
As local area networks (LANs) grew larger, their bandwidth broadened and fast L2 switching technology was introduced, communication services that use only the data link layer were recently introduced. Accordingly, a security and authentication process for frames in the data link layer is required.
IEEE 802 organized the IEEE 802.1AE work group to standardize the architecture and plans for a MAC security technology of the data link layer. The confidentiality, integrity, and authentication of frames communicated over the data link layer are provided through the standard defined by the IEEE 802.1AE work group.
The specification recently introduced by IEEE 802.1AE will be briefly described. In IEEE 802.1AE clause 14, GCM-AES-128 is specified as the default cipher suite. However, any other algorithm that satisfies the requirements of IEEE 802.1AE can be used instead of GCM-AES-128.
FIG. 1 is a diagram illustrating a structure of a MAC security frame introduced by IEEE 802.1AE.
Referring to FIG. 1, the MAC frame structure introduced by IEEE 802.1AE includes a MAC address field storing the destination address and the source address of the corresponding packet. It also includes a secure data field that stores the encrypted user data, and a security TAG (SecTAG) field interposed between the MAC address field and the secure data field for carrying the encryption parameters. Furthermore, the MAC frame structure includes an ICV field attached after the secure data. The ICV field stores an integrity check value (ICV) for checking the integrity of the corresponding secure data.
With reference to FIG. 2 and FIG. 3, a security service introduced by IEEE 802.1AE will be described as follows.
A transmitting terminal that exchanges MAC secure frames having the structure shown in FIG. 1 creates a security association with the receiving side by sharing a security association key (SAK) and the predetermined part of the initialization vector (IV) of the encryption algorithm. When a frame is to be transmitted, the transmitting terminal attaches the security TAG (SecTAG), which carries the encryption parameters, after the source address (SA) field of the frame. Then, the transmitting terminal places the secure data after the SecTAG, where the secure data is the user data encrypted using the encryption parameters stored in the SecTAG. The transmitting terminal also calculates an integrity check value (ICV) using the authentication key associated with the corresponding security association and adds the calculated ICV to the frame.
The SecTAG includes an association number (AN), a packet number (PN), the TCI flag bits V, ES, SC, SCB, E and C, the short length (SL) field, and optionally the secure channel identifier (SCI).
The PN is a packet number sequentially assigned to the frames transmitted under the same security association key. As shown in FIG. 4, the packet number forms the lower 32 bits of the initialization vector. The secure data is encrypted using the initialization vector, which is formed of the upper bits shared with the receiving side and the packet number, together with the security association key.
Accordingly, a receiving terminal in a MAC secure service network receives a MAC secure frame having a destination address (DA), a source address (SA), a SecTAG, secure data, an ICV, and an FCS. The receiving terminal calculates an integrity check value (ICV) using the authentication key of the security association shared with the transmitting side and compares the calculated ICV with the ICV in the received frame. If they are identical, the receiving terminal determines that the received frame has integrity; if not, the receiving terminal discards the received frame.
Then, the receiving terminal extracts the encryption parameters and the packet number (PN) from the SecTAG of the ICV-checked frame. The receiving terminal generates the initialization vector by combining the upper bits of the initialization vector, which are shared with the transmitting side, with the packet number. The secure data is then decrypted using the generated initialization vector and the security association key.
Then, an Ethernet frame is restored by combining the destination address, the source address, the restored data and the FCS.
As described above, the transmitted and received frames are secured in the MAC secure service network. That is, the transmitting side and the receiving side stay synchronized by changing the lower 32 bits of the 96-bit initialization vector using the PN of the MAC secure frame, while the upper 64 bits of the initialization vector are shared between the transmitting side and the receiving side.
According to the method introduced by IEEE 802.1AE, the same PN cannot be used twice under the same security association key. Therefore, after all PN values have been used, the security association key must be changed. Since the security association key is 128 bits, a large amount of computation is required to generate, manage and distribute it. In addition, corresponding messages must be exchanged to distribute a new security association key.
That is, the PN value used in MAC security is 32 bits, and 0 cannot be used as a PN value. Accordingly, a total of 2^32 − 2 PNs are available. Assuming that the PN value starts from 1 and increases by 1 for each transmitted frame, the security association key must be changed every 2^32 − 2 frames.
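The frame protection and validation procedure described above, together with the rule that a PN may never be reused under one SAK, is shown below as an added example written for this description; it is not code from the original document or from any IEEE 802.1AE implementation. It uses Go's standard GCM-AES-128 to build DA || SA || SecTAG || SecureData || ICV with the IV formed as SCI || PN, validates the ICV and PN on the receive side, and refuses to transmit once the last PN has been handed out. The SAK, SCI, addresses and payloads are constructed sample values; the FCS and MKA key distribution are out of scope.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Field sizes from IEEE 802.1AE for the GCM-AES-128 cipher suite.
const (
	macsecEtherType = 0x88E5
	secTAGLen       = 16         // SecTAG with the optional SCI present
	icvLen          = 16         // GCM tag used as the ICV
	pnMax           = 0xFFFFFFFF // last usable PN; PN 0 never appears on the wire
)

// ErrPNExhausted: every PN under the current SAK has been consumed, so a new
// SAK must be generated and distributed before another frame is protected.
var ErrPNExhausted = errors.New("macsec: PN space exhausted, SAK must be replaced")

// Transmitter is the transmit-side state of one secure channel.
type Transmitter struct {
	SCI    [8]byte     // secure channel identifier: source MAC || port id
	AN     byte        // association number, 2 bits
	NextPN uint32      // next packet number to assign (starts at 1)
	aead   cipher.AEAD // GCM-AES-128 keyed with the SAK
}

// Receiver is the receive-side state of the same secure channel.
type Receiver struct {
	aead     cipher.AEAD
	lowestPN uint64 // strict replay protection: reject any PN below this
}

func newGCM(sak []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sak) // 16-byte SAK selects AES-128
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func NewTransmitter(sci [8]byte, an byte, sak []byte) (*Transmitter, error) {
	aead, err := newGCM(sak)
	if err != nil {
		return nil, err
	}
	return &Transmitter{SCI: sci, AN: an & 3, NextPN: 1, aead: aead}, nil
}

func NewReceiver(sak []byte) (*Receiver, error) {
	aead, err := newGCM(sak)
	if err != nil {
		return nil, err
	}
	return &Receiver{aead: aead, lowestPN: 1}, nil
}

// gcmIV builds the 96-bit IV as SCI (upper 64 bits) || PN (lower 32 bits).
func gcmIV(sci []byte, pn uint32) []byte {
	iv := make([]byte, 12)
	copy(iv[:8], sci)
	binary.BigEndian.PutUint32(iv[8:], pn)
	return iv
}

// Protect wraps a payload as DA || SA || SecTAG || SecureData || ICV (no FCS).
// It never reuses a PN under the same SAK.
func (t *Transmitter) Protect(da, sa [6]byte, payload []byte) ([]byte, error) {
	if t.NextPN == 0 { // wrapped past pnMax: no fresh PN remains
		return nil, ErrPNExhausted
	}
	pn := t.NextPN
	t.NextPN++ // becomes 0 right after pnMax is handed out
	// SecTAG: EtherType, TCI/AN, SL, PN, SCI. TCI bits: SC=1, E=1, C=1.
	secTAG := make([]byte, secTAGLen)
	binary.BigEndian.PutUint16(secTAG[0:2], macsecEtherType)
	secTAG[2] = 0x2C | t.AN
	if len(payload) < 48 { // SL is non-zero only for short secure data
		secTAG[3] = byte(len(payload))
	}
	binary.BigEndian.PutUint32(secTAG[4:8], pn)
	copy(secTAG[8:16], t.SCI[:])
	// DA || SA || SecTAG is authenticated (AAD) but sent in the clear.
	header := append(append(append([]byte{}, da[:]...), sa[:]...), secTAG...)
	sealed := t.aead.Seal(nil, gcmIV(t.SCI[:], pn), payload, header) // data || ICV
	return append(header, sealed...), nil
}

// Validate checks the PN and ICV, decrypts, and returns DA || SA || payload.
func (r *Receiver) Validate(frame []byte) ([]byte, error) {
	if len(frame) < 12+secTAGLen+icvLen {
		return nil, errors.New("macsec: frame too short")
	}
	secTAG := frame[12 : 12+secTAGLen]
	if binary.BigEndian.Uint16(secTAG[0:2]) != macsecEtherType || secTAG[2]&0x20 == 0 {
		return nil, errors.New("macsec: not a MACsec frame with SCI present")
	}
	pn := binary.BigEndian.Uint32(secTAG[4:8])
	if pn == 0 || uint64(pn) < r.lowestPN {
		return nil, errors.New("macsec: replayed or invalid PN, frame discarded")
	}
	header := frame[:12+secTAGLen]
	// Open verifies the ICV over header || secure data before releasing plaintext.
	payload, err := r.aead.Open(nil, gcmIV(secTAG[8:16], pn), frame[12+secTAGLen:], header)
	if err != nil {
		return nil, errors.New("macsec: ICV check failed, frame discarded")
	}
	r.lowestPN = uint64(pn) + 1 // advance only after successful verification
	return append(append([]byte{}, frame[:12]...), payload...), nil
}

func main() {
	// Constructed sample values, not taken from any real deployment.
	sak := []byte("0123456789abcdef")
	sci := [8]byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x00, 0x01}
	da, sa := [6]byte{0x00, 0xaa, 0xbb, 0xcc, 0xdd, 0xee}, [6]byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55}
	tx, _ := NewTransmitter(sci, 0, sak)
	rx, _ := NewReceiver(sak)
	frame, _ := tx.Protect(da, sa, []byte("constructed payload"))
	restored, err := rx.Validate(frame)
	fmt.Printf("restored %q err=%v\n", restored[12:], err)
	_, err = rx.Validate(frame) // same PN again: rejected as a replay
	fmt.Println("replay:", err)
	tx.NextPN = pnMax // jump to the last PN to show SAK exhaustion
	_, err = tx.Protect(da, sa, []byte("last frame under this SAK"))
	fmt.Println("pn=pnMax:", err)
	_, err = tx.Protect(da, sa, []byte("needs a new SAK"))
	fmt.Println("after pnMax:", err)
}
```

A real transmitter would signal key-agreement (MKA) to install the next SAK well before `NextPN` reaches `pnMax`, rather than stopping at the boundary as this example does; the point of the check is that the IV must never repeat under one key.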
In the worst case, assume that the length of the Ethernet frame is 64 bytes and the transmit rate is gigabit Ethernet. Under these assumptions, the use period $T_k$ of a security association key can be calculated as in Eq. 1. Herein, the MACsec framing overhead is 24 bytes.
$$T_k = (L_f + L_p + L_o + L_g) \times (2^{32} - 2) \times 8\ \mathrm{ns} = (64 + 8 + 24 + 12) \times (2^{32} - 2) \times 8\ \mathrm{ns} \approx 3710\ \mathrm{sec} \qquad \text{(Eq. 1)}$$
In Eq. 1, $L_f$ denotes the length of a frame in bytes, $L_p$ the length of the preamble in bytes, $L_o$ the length of the MACsec overhead in bytes, $L_g$ the inter-frame gap in bytes, and 8 ns is the time taken to transmit one byte over a gigabit network.
According to the calculation in Eq. 1, the use period of the security association key is about one hour in the worst case. That is, the security association key needs to be generated and distributed every hour. Since a security association key protects traffic in one direction only, for bidirectional traffic a security association key is generated and distributed twice every hour.
As described above, according to the conventional method, the security association key must be generated and distributed whenever 2^32 − 2 frames are transmitted because of its short lifetime. Therefore, the system load increases due to the frequent generation and distribution of the security association key, and many messages must be exchanged to generate and distribute it.